Symantec



It's time to wake up and smell the
Virtsec Gravy!



John Reeman 



Disclaimer 



Please note that any views or opinions presented 
in this presentation are solely my own and do not 
necessarily represent those of my employer. 
Nostalgia

Techno magic... It just works!!!

Virtualization and Cloud




Do we believe virtualization... 



Is more secure, less secure, or the same? 

Gartner has told us that through 2012, "60% of virtualized servers will 
be less secure than the physical servers they replace" 

A recent CSO flash poll conducted by Symantec revealed that while 
70% of respondents reported that security and compliance concerns 
have not slowed the pace of adoption in their organizations, 75% 
indicated that security and compliance are the largest factors in 
keeping them from full confidence when it comes to hosting business 
critical applications on virtualized servers. 
Some interesting stats.

"Looking deeper into hacking activity, it is
apparent that the bulk of attacks continues to
target applications and services rather than the
operating systems or platforms on which they
run." - Verizon Report
Real World Examples

Admin hacks drug company virtual machines from McDonald's

Logging in from a McDonald's restaurant, a former employee of a US pharmaceutical company was able to wipe out most of the company's computer infrastructure earlier this year. Jason Cornish, 37, formerly an IT staffer at a subsidiary of Japanese drug maker Shionogi, pleaded guilty to computer intrusion charges in connection with the attack on February 3, 2011. He wiped out 15 VMware host systems that were running email, order tracking, financial and other services for the company.

"The attack effectively froze Shionogi's operations for a number of days, leaving company employees unable to ship product, to cut checks, or even to communicate via email," the Department of Justice said in court filings. Total cost to Shionogi was around $800,000 (£488,000).
More Real world examples

• Salesforce.com - Clickjacking 2009

Source: Sensepost (www.sensepost.com/blog/3741.html)

• Amazon outages - April 26th 2011

Source: CSO Online (www.csoonline.com/article/680894/amazon-outage-a-valuable-lesson-in-cloud-security)

• Continued persistent threats from individuals and groups are a
given

• Anonymous Source code leakage - April 24th VMware

Source: The Inquirer (www.theinquirer.net/inquirer/news/2170503/hardcore-charlie-disputes-downplayinq-vmware-code)
FUD

One example - what's wrong?




Under the hood.... 

My research over the years has involved doing
binary analysis of code as well as reversing

Strings analysis

Looking for hidden hooks in APIs

To try and discover days 

But what I am about to show you is much simpler 
than that.... 
Introducing VSAM

Identify our target

Chaos and fun

Looking over your shoulder.

We need to get better...

Patching - yes it's a chore but there's no excuse anymore! 
(the vendors do their part so it's up to us) 

DSD Top 35 

Go back to basics; it's not all about technology 

Both Virtualization and Cloud Technology introduce new 
dynamics involving the network, storage and applications 

Data privacy issues exist, cross borders etc.

BUT if we are to embrace Cloud & Virtualization it is essential
that we secure access to the APIs or at least reduce risk

5 Mouse Clicks to build a network!

Crossroads of past and future...

A new approach....

Traditional security methods and even some 
virtualization security approaches are not 
adequate... 

We need to go beyond Firewalls; there are no 
boundaries remember... 

WAFs are not the answer.... 

There is a need for an independent multilayered 
approach that involves the business and technology 



In the future... 

Innovate to get better 

Advanced dynamic threat protection 

We live in a world now that is no longer IP centric but is more 
about objects, resources, assets, applications, services, the 
digital native 

We are dealing with large data sets that the human brain 
cannot comprehend 

We need to leverage other technology from both the past 
and future... 
From the worlds of....




Helping to Make sense of BIG DATA 



Security Visualization 
Secure bubbles....

Closing thoughts

We can do this.... 

The expertise is there 

We have some cool technology out there 

We can leverage from history 

But some of it will involve going back to basics! (patching, 
hardening etc) 

Need for an effective risk management strategy 

We need a skilled workforce that understands... 

It's not just about 5 clicks of a mouse.... 

Thanks for listening 

Want to know more then:- 

@spiv 

John_Reeman@symantec.com 
+61 418 911 474 